Role-Based Policy Users and User Groups
Users and user groups determine who a role applies to.
Role-based policy management is disabled on hosts configured to use script-based policy. For more information, see Role-Based vs. Script-Based Policies.
User and User Group Types
There are three types of users and user groups:
- Secure: A user or group not associated with any system. The name and credential are added to the policy.
- System: The users and groups are retrieved from the selected host. System roles are only available with Endpoint Privilege Management for Unix and Linux versions 9.4.4 or later.
- Directory Service: The users and groups are retrieved from Directory Service. Create a connection to Directory Service on the Settings > Integration page.
If the username contains a wildcard character (*), the user is treated as a group.
Add a Secure User
- Go to the Policy Management page.
- In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
- Click Policy.
- Click Who.
- Click Add User / Group and select Secure User.
- Enter a Username and Description, and choose whether to enable or disable the entry.
- Click Save Changes.
Add a Secure Group
- Go to the Policy Management page.
- In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
- Click Policy.
- Click Who.
- Click Add User / Group and select Secure Group.
- Enter a Group name and Description, and choose whether to make the group active or inactive.
- In the Group members section, enter existing secure users in the Username field to add them to the group.
- Click Save Changes.
Delete a Secure User or Group
- Go to the Policy Management page.
- In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
- Click Policy.
- Click Who.
- Select a secure user or group entry from the Users list.
- On the Users and Groups pane, click Delete User or Delete Group to delete the entry.
Add a System User or Group
- Go to the Policy Management page.
- In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
- Click Policy.
- Click Who.
- Click Add User / Group and select System User or System Group. A list of available entries is displayed on the Users and Groups pane.
- On the Users and Groups pane, check the box to import users or user groups. The imported users or user groups are displayed in the Users list.
Remove a System User or Group
- Go to the Policy Management page.
- In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
- Click Policy.
- Click Who.
- Select a system user or group entry from the Users list.
- On the Users and Groups pane, click Remove User or Remove User Group to remove the entry.
Add a Directory Service User or Group
- Go to the Policy Management page.
- In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
- Click Policy.
- Click Who.
- Click Add User / Group and select Directory Service Users and Groups.
- On the Users and Groups pane, set the Search Type to Find Users or Find Groups.
- Enter the Forest and Domain.
- Click Browse to filter by organizational unit (OU) and enter criteria in the Search for field.
- Click Search Directory Service.
- Check the box to import Directory Service users or user groups. The imported users or user groups are displayed in the Users list.
Remove a Directory Service User or Group
- Go to the Policy Management page.
- In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
- Click Policy.
- Click Who.
- Select a Directory Service user or group entry from the Users list.
- On the Users and Groups pane, click Remove User or Remove Group to remove the entry.